Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7068 | 1 Php | 1 Php | 2025-04-09 | 6.4 MEDIUM | N/A |
| The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. | |||||
| CVE-2007-1136 | 1 Webmplayer | 1 Webmplayer | 2025-04-09 | 6.8 MEDIUM | N/A |
| index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous. | |||||
| CVE-2008-1411 | 1 Acronis | 1 Snap Deploy | 2025-04-09 | 5.0 MEDIUM | N/A |
| The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2025-04-09 | 4.3 MEDIUM | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | |||||
| CVE-2009-4537 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | |||||
| CVE-2008-1277 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 9.0 HIGH | N/A |
| The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | |||||
| CVE-2008-5362 | 1 Adobe | 2 Air, Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A |
| The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | |||||
| CVE-2009-4372 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
| AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/. | |||||
| CVE-2008-1311 | 1 Packettrap | 1 Pt360 Tool Suite Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312. | |||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2025-04-09 | 5.0 MEDIUM | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
| CVE-2007-2172 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
| A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. | |||||
| CVE-2008-6556 | 1 Puppet Master | 1 Webutil | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | |||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2025-04-09 | 7.8 HIGH | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||||
| CVE-2007-5066 | 1 Webmin | 1 Webmin | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. | |||||
| CVE-2009-1491 | 2 Mcafee, Microsoft | 2 Groupshield, Exchange Server | 2025-04-09 | 9.3 HIGH | N/A |
| McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | |||||
| CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2025-04-09 | 7.5 HIGH | N/A |
| Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
| CVE-2008-0876 | 1 Hitachi | 2 Sewb3 Mi-platform, Sewb3 Platform | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data." | |||||
| CVE-2009-4102 | 2 Mozilla, Sage.mozdev | 2 Firefox, Sage | 2025-04-09 | 9.3 HIGH | N/A |
| Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
| CVE-2009-0793 | 2 Littlecms, Sun | 2 Lcms, Openjdk | 2025-04-09 | 4.3 MEDIUM | N/A |
| cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | |||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | |||||